NSE 4 – FortiGate 6.4 — Question 34

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

Answer options

• A. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.
• B. No new log is recorded until you manually clear logs from the local disk.
• C. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.
• D. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

Correct answer: C

Explanation

The correct answer is C because, by default, FortiGate will overwrite older logs when the local disk is full, issuing an initial warning at 75% usage. Options A and D incorrectly state the warning thresholds, and option B incorrectly suggests that no logging occurs until manual intervention is taken.